Commit Graph

490 Commits

Author SHA1 Message Date
Sergio Benitez 9a9cd76c01 Add support for 'diesel-async' to 'db_pools'. 2023-06-09 16:47:06 -07:00
Sergio Benitez 6db63d6bb3 Use 'resolver = 2' across workspaces. 2023-06-09 16:46:58 -07:00
Sergio Benitez 9b0564ed27 Tidy custom forward status changes, update docs. 2023-04-11 12:55:57 -07:00
Benedikt Weber 055ad107df Allow status customization in 'Forward' outcomes.
Prior to this commit, all forward outcomes resulted in a 404. This
commit changes request and data guards so that they are able to provide
a `Status` on `Forward` outcomes. The router uses this status, if the
final outcome is to forward, to identify the catcher to invoke.

The net effect is that guards can now customize the status code of a
forward and thus the error catcher invoked if the final outcome of a
request is to forward.

Resolves #1560.
2023-04-11 12:47:20 -07:00
Sergio Benitez 51ed332127 Make trailing slashes significant during routing.
This commit modifies request routing in a backwards incompatible manner.
The change is summarized as: trailing slashes are now significant and
never transparently disregarded. This has the following implications,
all representing behavior that differs from that before this change:

  * Route URIs with trailing slashes (`/foo/`, `/<a>/`) are legal.
  * A request `/foo/` is routed to route `/foo/` but not `/foo`.
  * Similarly, a request `/bar/` is routed to `/<a>/` but not `/<a>`.
  * A request `/bar/foo` is not routed to `/<a>/<b>/<c..>`.

A new `AdHoc::uri_normalizer()` fairing was added that recovers the
previous behavior.

In addition to the above, the `Options::NormalizeDirs` `FileServer`
option is now enabled by default to remain consistent with the above
changes and reduce breaking changes at the `FileServer` level.
2023-04-10 12:40:39 -07:00
Sergio Benitez ac0a77bae2 Allow dynamic parameters to match empty segments.
The net effect of this commit is three-fold:

  * A request to `/` now matches `/<a>`. `/foo/` matches `/<a>/<b>`.
  * A segment matched to a dynamic parameter may be empty.
  * A request to `/foo/` no longer matches `/foo` or `/<a>`. Instead,
    such a request would match `/foo/<a>` or `/foo/`.

The `&str` and `String` parameter guards were updated to reflect this
change: they now error, with a newly introduced error type `Empty` in
the `rocket::error` module, when the parameter is empty. As this was the
only built-in parameter guard that would be effected by this change (all
other guards already required nonempty parameters to succeed), the
majority of applications will see no effect as a result.

For applications wanting the previous functionality, a new
`AdHoc::uri_normalizer()` fairing was introduced.
2023-04-07 20:00:09 -07:00
Sergio Benitez 0a56312607 Implement more conservative URI normalization.
* Trailing slashes are now allowed in all normalized URI paths, except
    for route attribute URIs: `/foo/` is considered normalized.
  * Query parts of URIs may now be empty: `/foo?` and `/foo/?` are now
    considered normalized.
  * The `base` field of `Catcher` is now only accessible via a new
    getter method: `Catcher::base()`.
  * `RawStr::split()` returns a `DoubleEndedIterator`.
  * Introduced a second normalization for `Origin`, "nontrailing", and
    associated methods: `Origin::normalize_nontrailing()`, and
    `Origin::is_normalized_nontrailing()`.
  * Added `Origin::has_trailing_slash()`.
  * The `Segments<Path>` iterator will now return an empty string if
    there is a trailing slash in the referenced path.
  * `Segments::len()` is now `Segments::num()`.
  * Added `RawStr::trim()`.

Resolves #2512.
2023-04-07 19:59:57 -07:00
Sergio Benitez a82508b403 Set 'Secure' cookie flag by default under TLS.
If TLS is enabled and active, Rocket will now set the `Secure` cookie
attribute by default.

Resolves #2425.
2023-04-05 13:15:24 -07:00
Sergio Benitez d9f86d8647 Fully document the 'ws' contrib crate. 2023-04-03 16:09:45 -07:00
Sergio Benitez 7d895eb9f6 Add initial implementation of 'rocket_ws'.
This provides WebSocket support in Rocket's official 'contrib'.
2023-04-01 15:02:24 -07:00
Sergio Benitez aa6ad7030a Allow setting mTLS certificates on local 'Client'.
This allows testing with client certificates.

Co-authored-by: Brett Buford <blbuford@gmail.com>
2023-03-31 11:13:40 -07:00
Sergio Benitez 847e87d5c9 Make 'ws::Stream![]' mean 'ws::Stream!['static]'.
This is in line with the stream macros in Rocket core.
2023-03-31 08:34:45 -07:00
Sergio Benitez 1d2cc257dc Preprocess tungstenite 'ConnectionClosed' errors.
Tungstenite abuses `Err(ConnectionClosed)` to indicate the non-error
condition of a websocket closing. This commit changes error processing
such that the error is caught and converted into a successful
termination of websocket handling.
2023-03-30 16:08:31 -07:00
Sergio Benitez 64a7bfb37c Fix header lookups for connection upgrades. 2023-03-30 16:08:14 -07:00
Sergio Benitez 2abddd923e Implement stream websocket API in upgrade example. 2023-03-30 12:48:20 -07:00
Sergio Benitez bd482081ad Add 'upgrade' example with WebSocket support.
This is an initial example that showcases using the new connection
upgrade API to implement WebSocket support outside of Rocket's core.
2023-03-29 17:07:01 -07:00
Sergio Benitez 9c052be2dc Fix HTML field label in forms example template.
Fixes #2256.
2023-03-26 19:26:12 -07:00
Sergio Benitez 7155ad229a Add HTTP to HTTPs redirector to TLS example. 2023-03-26 17:57:31 -07:00
Sergio Benitez 0a0f540988 Support TLS keys in SEC1 format. 2023-03-23 14:57:54 -07:00
Sergio Benitez daa157f872 Ignore data before TLS key encapsulation boundary.
Resolves #2281.

Co-authored-by: Julian Büttner <me@julianbuettner.dev>
2023-03-23 14:57:54 -07:00
Kian-Meng Ang 06d255b52b Fix a whole bunch of typos.
Found via `codespell -L crate,ser,fo,noo,nd,cappable,pard,te,ans`.
2023-03-23 14:57:54 -07:00
Sergio Benitez 0ed6d82d10 Defend against configured known secret keys.
This is a two-prong effort. First, we warn on launch if a known key is
used. Second, we document using invalid keys where possible.

Co-authored-by: Jonas Møller <jonas@moesys.no>
2023-03-23 14:57:54 -07:00
Sergio Benitez 9377af5978 Make real IP header configurable via 'ip_header'.
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
2023-03-20 12:57:21 -07:00
Tilen Pintarič f0d678d464 Update diesel to 2.0, sqlx to 0.6.
Closes #2209.
Closes #2335.
Closes #2249.
2022-09-18 01:24:57 -07:00
Sergio Benitez a34edc4de9 Silence false positive warnings.
Use `allow(deadcode)` on structs that exist solely to be debug-printed.
2022-08-04 17:45:53 -07:00
Sergio Benitez 78aad3aa95 Fix 'PasteId' 'use' in pastebin tutorial. 2022-05-08 18:30:13 -05:00
Sergio Benitez fccb5759db Revamp pastebin tutorial for Rocket v0.5.
Closes #1756.
2022-05-08 01:57:49 -05:00
Sergio Benitez 6fc24789e9 Fix SSE heartbeat so it never interrupts events.
Previously, the heartbeat message, in its raw form, was ":\n\n". This
commit changes the message to be ":\n".

The former message, when parsed as Server-Sent Events, contained an
empty comment (as desired) _and_ a new line (erroneously). The new line
resulted in emitting any event that was presently being emitted, even if
it wasn't complete. That is, emitting an event partly, such as the
event's data but not its name. Removing the extra new line resolves this
issue and ensures that events aren't interrupted by the heartbeat.

Fixes #2152.
2022-04-27 13:59:03 -07:00
Konrad Borowski 4d258739f5 Migrate Rocket to Rust 2021 edition. 2022-04-19 18:35:38 -07:00
xelivous 13d8e74655 Fix flash message display in todo example. 2022-02-23 13:55:02 -08:00
Sergio Benitez 6345d2b888 Update dependencies in core to latest versions.
This updates:

 * rmp-serde to 1
 * pretty_assertions to 1
 * parking_lot to 0.12
 * tokio-util to 0.7
2022-02-16 10:26:24 -08:00
Ning Sun 831ffc6c09 Update 'handlebars' to 4.0. 2021-08-30 03:42:57 -07:00
Sergio Benitez 42a0fb8afe Increase diesel DB example timeout for CI. 2021-08-19 23:36:30 -07:00
Sergio Benitez 3616f25c0b Update 'time' to 0.3, 'cookie' to 0.16.
Also reexport 'time' from the crate root.
2021-08-19 19:49:23 -07:00
Sergio Benitez cc0621626b Prefix 'content' responder names with 'Raw'.
The primary aim of this commit is to reduce confusion between
'content::Json' and 'rocket::serde::json::Json' be renaming the former
to 'content::RawJson'. The complete changes in this PR are:

  * All responders in the 'content' module are prefixed with 'Raw'.
  * The 'content::Custom' responder was removed entirely.
  * The 'Plain' responder is now 'RawText'.
  * The 'content' API docs point to the 'serde' responders.
  * The docs and examples were updated accordingly.
2021-07-20 02:09:11 -07:00
Sergio Benitez 5b1a04deab Introduce async database pools: 'rocket_db_pools'.
This is the async analog of 'rocket_sync_db_pools', rewritten to be
cleaner, leaner, easier to maintain and extend, and better documented.

Resolves #1117.
Resolves #1187.
2021-07-18 12:17:17 -07:00
Jeb Rosen f7f068be11 Initial implementation of async DB pooling. 2021-07-18 12:14:25 -07:00
Sergio Benitez 693f4f9ee5 Add README to databases example.
Closes #1760.
2021-07-12 16:45:56 -07:00
Sergio Benitez 677790d639 Bring back generated TLS keys, used by tests. 2021-07-09 16:35:09 -07:00
Sergio Benitez bbc36ba27f Initial implementation of mTLS.
Co-authored-by: Howard Su <howard0su@gmail.com>
Co-authored-by: Mikail Bagishov <bagishov.mikail@yandex.ru>
2021-07-09 00:05:20 -07:00
Sergio Benitez 71823915db Don't store example keys and certs in repository. 2021-07-07 12:16:12 -07:00
Sergio Benitez 95e9b2e9ef Remove latent 'dbg!()' in templating tests. 2021-07-02 11:33:32 -07:00
Mikail Bagishov be933ce398 Apply clippy suggestions. 2021-06-30 14:13:19 -07:00
Flying-Toast 8e3ad40beb Add 'context!' for ad-hoc templating contexts. 2021-06-30 10:09:28 -07:00
Sergio Benitez fb3ae9f7db Impl std traits, 'UriDisplay<Query>' for 'Json'.
The 'Json' type now implements:

  * Clone
  * PartialEq
  * Eq
  * PartialOrd
  * Ord
  * Hash
  * UriDisplay<Query>

Method calls that resolve to a method in the set of traits above
previously resolved to the `Deref` target. For example, `foo.clone()`,
where `foo: Json<T>`, previously resolved to `<T as Clone>::clone()` but
now resolves to `<Json<T> as Clone>::clone()`.
2021-06-29 03:31:27 -07:00
Sergio Benitez 76ec847a58 Use 'RelativePathBuf' as 'Config.temp_dir' type.
This makes a relative 'temp_dir' declared in a config file relative to
the config file itself.
2021-06-25 11:42:49 -07:00
Sergio Benitez 128234d9a8 Allow customizing and removing 'Server' header. 2021-06-08 23:09:57 -07:00
Sergio Benitez 1a42009e9f Fix various generated and direct clippy warnings. 2021-06-08 13:27:09 -07:00
Sergio Benitez 4c6562cd29 Drop 'Data' after sending a response, not before.
This allows responses to be sent to the client even when data is only
partially read, significantly improving the experience for the client
from one with a "connection closed" error to one with a proper response.
The consequence is a lifetime in 'Data'.

Though other non-lifetime-introducing solutions exist, the introduction
of a lifetime to 'Data' is a longstanding desire as it prevents
smuggling 'Data' into a longer-lived context. Use of 'Data' in that
context was unspecified with various runtime consequences. The addition
of a lifetime bound by the request prevents this error statically.

In summary, the changes are:
  * Clients receive responses even when data isn't fully read.
  * 'Data' becomes 'Data<'r>'. 'FromData' changes accordingly.
  * Route 'Outcome's are strictly tied to the request lifetime.

Tangentially, the invalid length form field validation error message has
improved to format length in byte units if it exceeds 1024.
2021-06-08 13:26:16 -07:00
Juhasz Sandor 469f3942eb Use an 'include' in tera templating example. 2021-06-03 13:21:04 -07:00